GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-06 05:22:58
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 SAMSUNG_HD250HJ rev.FH100-05 232,88GB
Running: ddjftc0q.exe; Driver: C:\DOCUME~1\WACICI~1.SIC\USTAWI~1\Temp\kwacapoc.sys

---- Kernel code sections - GMER 2.1 ----

.sfrelocÿÿÿÿsfsync03unknown last section [0xF7644000, 0xA20, 0x40000040]
C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xF7644000, 0xA20, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F833C0, 0x843B7A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 9C, 8A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 9F, 8A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 9C, 8A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 9D, 8A, 00] {TEST AL, 0x9d; MOV AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B916838
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 9E, 8A, 00] {TEST AL, 0x9e; MOV AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 9D, 8A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 9E, 8A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B9168CC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 9C, 8A, 00] {TEST AL, 0x9c; MOV AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B916A59
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 9D, 8A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 9E, 8A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 9F, 8A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[804] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 1C, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 1F, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 1C, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 1D, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B91B3B8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 1E, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 1D, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 1E, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B91B44C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 1C, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B91B5D9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 1D, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 1E, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 1F, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 70, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 73, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 70, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 71, 30, 00] {TEST AL, 0x71; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B910E0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 72, 30, 00] {TEST AL, 0x72; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 71, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 72, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B910EA0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 70, 30, 00] {TEST AL, 0x70; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B91102D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 71, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 72, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 73, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1544] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
UPX1 C:\WINDOWS\system\svchost.exe[1804] C:\WINDOWS\system\svchost.exe entry point in "UPX1" section [0x018BF770]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 74, 89, 00] {SUB [ECX+ECX*4+0x0], DH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 77, 89, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 74, 89, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 75, 89, 00] {TEST AL, 0x75; MOV [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B916710
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 76, 89, 00] {TEST AL, 0x76; MOV [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 75, 89, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 76, 89, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B9167A4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 74, 89, 00] {TEST AL, 0x74; MOV [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B916931
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 75, 89, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 76, 89, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 77, 89, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + 6 7C90D688 2 Bytes [28, CC] {SUB AH, CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + 9 7C90D68B 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + 9 7C90D68B 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 2 Bytes [28, CF] {SUB BH, CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + 9 7C90DC5E 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + 9 7C90DC5E 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + 6 7C90DD03 2 Bytes [68, CC]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + 9 7C90DD06 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + 9 7C90DD06 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + 6 7C90DD81 2 Bytes [A8, CD] {TEST AL, 0xcd}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + 9 7C90DD84 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + 9 7C90DD84 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 2 Bytes CALL 7B91DC68
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessToken + 9 7C90DD99 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessToken + 9 7C90DD99 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 2 Bytes [A8, CE] {TEST AL, 0xce}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + 9 7C90DDAE 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + 9 7C90DDAE 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + 6 7C90DDFF 2 Bytes [68, CD]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + 9 7C90DE02 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + 9 7C90DE02 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 2 Bytes [68, CE]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + 9 7C90DE17 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + 9 7C90DE17 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 2 Bytes CALL 7B91DCFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadTokenEx + 9 7C90DE2C 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadTokenEx + 9 7C90DE2C 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 2 Bytes [A8, CC] {TEST AL, 0xcc}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + 9 7C90DEE9 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + 9 7C90DEE9 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 2 Bytes CALL 7B91DE89
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryFullAttributesFile + 9 7C90DFBB 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryFullAttributesFile + 9 7C90DFBB 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 2 Bytes [28, CD] {SUB CH, CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + 9 7C90E5E2 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + 9 7C90E5E2 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + 6 7C90E648 2 Bytes [28, CE] {SUB DH, CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + 9 7C90E64B 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + 9 7C90E64B 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 2 Bytes [68, CF]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + 9 7C90E969 1 Byte [00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + 9 7C90E969 3 Bytes [00, FF, E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 28, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 2B, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 28, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 29, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B9171C4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 2A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 29, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 2A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B917258
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 28, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B9173E5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 29, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 2A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 2B, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, A8, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, AB, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, A8, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, A9, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B919A44
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, AA, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, A9, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, AA, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B919AD8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, A8, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B919C65
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, A9, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, AA, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, AB, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, DC, 2B, 00] {SUB AH, BL; SUB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, DF, 2B, 00] {SUB BH, BL; SUB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, DC, 2B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, DD, 2B, 00] {TEST AL, 0xdd; SUB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B910978
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, DE, 2B, 00] {TEST AL, 0xde; SUB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, DD, 2B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, DE, 2B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B910A0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, DC, 2B, 00] {TEST AL, 0xdc; SUB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B910B99
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, DD, 2B, 00] {SUB CH, BL; SUB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, DE, 2B, 00] {SUB DH, BL; SUB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, DF, 2B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 sfsync03.sys
Device \Driver\USBSTOR \Device\00000067 sfsync03.sys
Device \Driver\USBSTOR \Device\00000068 sfsync03.sys

---- Files - GMER 2.1 ----

File C:\qtyrq 0 bytes
File C:\yogjr 35 bytes

---- EOF - GMER 2.1 ----